Advertising

* ipa-server-certinstall now works correctly both with a CA subsystem
and in CA-less installations

* The --subject option in ipa-server-install is now handled correctly

* During installation, directory server tuning is performed correctly on
sysV and systemd systems
* During installation, the CA service is stopped during configuration
file changes to prevent race conditions

Manual upgrade procedure is required for FreeIPA servers installed with
version

prior to 3.1.
Please see http://www.freeipa.org/page/Howto/Dogtag9ToDogtag10Migration for
details.
=== Other FreeIPA servers and clients ===
An IPA server can be upgraded simply by installing updated rpms. The server
does not need to be shut down in advance.
Please note that if you are doing the upgrade in special environment (e.g.
FedUp) which does not allow running the LDAP server during upgrade process,
upgrade scripts need to be run manually after the first boot:
# ipa-upgradeconfig
# ipa-ldap-updater --upgrade
Also note that the performance improvements require an extended set of

indexes to be configured. RPM update for an IPA server with a excessive
number

of users may require several minutes to finish.

If you have multiple servers you may upgrade them one at a time. It is
expected
that all servers will be upgraded in a relatively short period (days or
weeks,
not months). They should be able to co-exist peacefully but new features
will

not be available on old servers and enrolling a new client against an old
server will result in the SSH keys not being uploaded.
Downgrading a server once upgraded is not supported.

Upgrading from 2.2.0 and later versions is supported. Upgrading from
previous

versions is not supported and has not been tested.

An enrolled client does not need the new packages installed unless you
want to
re-enroll it. SSH keys for already installed clients are not uploaded,
you will

have to re-enroll the client or manually upload the keys.
== Feedback ==